Towards a zero configuration authentication scheme for 802.11 based networks

C. Latze, U. Ultes-Nitsche, F. Baumgartner
Published in: 2008 33rd IEEE Conference on Local Computer Networks (LCN), 2008-10-31
DOI: 10.1109/LCN.2008.4664192 (https://doi.org/10.1109/LCN.2008.4664192)
Citations: 6

Abstract

Compared to many 802.11 based networks, GSM has a significant advantage. In contrast to 802.11, GSM provides a standardized authentication scheme, which requires no configuration on the end user's side, but still allows international roaming. GSM does this by using a trusted module within each client: a subscriber identification module. In contrast to the comparably heavy GSM standard, the early 802.11 standards focused on data transmission within small local area networks, therefore omitting a secure and simple to use authentication mechanism. This caused several different and partly incompatible authentication schemes to evolve, ranging from simple password based login pages to certificate based mutual authentication protocols. While these protocols can provide state of the art secure authentication, they are, from a user's point of view, almost unacceptably complex, especially if used in an ad-hoc manner outside a corporate environment. Trusted platform modules, as part of any modern computer, can dramatically reduce the user's overhead to establish a secure 802.11 based connection by providing secure, potentially anonymous identities. As shown in this paper, this approach can be further extended by using a modified TLS handshake, allowing an automated, on-the-fly retrieval of required credentials. Together with the trusted platform modules, this extension can provide a full-fledged zero configuration authentication for 802.11 networks.